Authenticated access to computing devices is increasingly important for computer-based devices (such as smartphones, personal data assistants, and the like) and home computer-based devices (such as desktop and laptop computer systems, computer tablets, and so on). Authenticated access to a computing device's functionality is also becoming important. For example, a television set top box or digital video recorder (DVR) may provide various levels of media access (e.g., kids-only television channels, limited playback only or full access on a DVR, and so on). A computing device may have multiple levels of access, for example, user-mode access (e.g., limited to executing already-installed applications) or administrative access (e.g., full access to the computing device; including installing, configuring or removing applications). A computing device may allow multiple users with different user-mode access rights (e.g., a user Alice might be able to make and receive phone calls since she is the primary device owner, but users Jonathon and Oliver may only be able to play games without any network access since they are secondary, underage device users).
Conventional passcode entry systems include using a personal identification number (PIN) as the authentication technique. However, finger oil accumulation on a keypad over time may simplify an attacker's attempts to break a PIN-based security system. Another system uses a connect-the-dots strategy, where the user is presented with a set of images on a touch screen and is challenged to select a pattern of images to authenticate. Again, an attacker may use finger oil accumulation on the touch screen to increase their chances of breaking the security.
Another security risk is the notion of “shoulder surfing”. Here, an attacker may simply be an onlooker from behind the user who is entering their passcode into the system. The attacker may simply see the unlock sequence and thus learn the PIN or pattern.